<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML
><HEAD
><TITLE
>pg_authid</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.79"><LINK
REV="MADE"
HREF="mailto:pgsql-docs@postgresql.org"><LINK
REL="HOME"
TITLE="PostgreSQL 9.1.2 Documentation"
HREF="index.html"><LINK
REL="UP"
TITLE="System Catalogs"
HREF="catalogs.html"><LINK
REL="PREVIOUS"
TITLE="pg_attribute"
HREF="catalog-pg-attribute.html"><LINK
REL="NEXT"
TITLE="pg_auth_members"
HREF="catalog-pg-auth-members.html"><LINK
REL="STYLESHEET"
TYPE="text/css"
HREF="stylesheet.css"><META
HTTP-EQUIV="Content-Type"
CONTENT="text/html; charset=ISO-8859-1"><META
NAME="creation"
CONTENT="2011-12-01T22:07:59"></HEAD
><BODY
CLASS="SECT1"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="5"
ALIGN="center"
VALIGN="bottom"
><A
HREF="index.html"
>PostgreSQL 9.1.2 Documentation</A
></TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="top"
><A
TITLE="pg_attribute"
HREF="catalog-pg-attribute.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="top"
><A
HREF="catalogs.html"
ACCESSKEY="U"
>Up</A
></TD
><TD
WIDTH="60%"
ALIGN="center"
VALIGN="bottom"
>Chapter 45. System Catalogs</TD
><TD
WIDTH="20%"
ALIGN="right"
VALIGN="top"
><A
TITLE="pg_auth_members"
HREF="catalog-pg-auth-members.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="CATALOG-PG-AUTHID"
>45.8. <TT
CLASS="STRUCTNAME"
>pg_authid</TT
></A
></H1
><P
>   The catalog <TT
CLASS="STRUCTNAME"
>pg_authid</TT
> contains information about
   database authorization identifiers (roles).  A role subsumes the concepts
   of <SPAN
CLASS="QUOTE"
>"users"</SPAN
> and <SPAN
CLASS="QUOTE"
>"groups"</SPAN
>.  A user is essentially just a
   role with the <TT
CLASS="STRUCTFIELD"
>rolcanlogin</TT
> flag set.  Any role (with or
   without <TT
CLASS="STRUCTFIELD"
>rolcanlogin</TT
>) can have other roles as members; see
   <A
HREF="catalog-pg-auth-members.html"
><TT
CLASS="STRUCTNAME"
>pg_auth_members</TT
></A
>.
  </P
><P
>   Since this catalog contains passwords, it must not be publicly readable.
   <A
HREF="view-pg-roles.html"
><TT
CLASS="STRUCTNAME"
>pg_roles</TT
></A
>
   is a publicly readable view on
   <TT
CLASS="STRUCTNAME"
>pg_authid</TT
> that blanks out the password field.
  </P
><P
>   <A
HREF="user-manag.html"
>Chapter 20</A
> contains detailed information about user and
   privilege management.
  </P
><P
>   Because user identities are cluster-wide,
   <TT
CLASS="STRUCTNAME"
>pg_authid</TT
>
   is shared across all databases of a cluster: there is only one
   copy of <TT
CLASS="STRUCTNAME"
>pg_authid</TT
> per cluster, not
   one per database.
  </P
><DIV
CLASS="TABLE"
><A
NAME="AEN85227"
></A
><P
><B
>Table 45-8. <TT
CLASS="STRUCTNAME"
>pg_authid</TT
> Columns</B
></P
><TABLE
BORDER="1"
CLASS="CALSTABLE"
><COL><COL><COL><THEAD
><TR
><TH
>Name</TH
><TH
>Type</TH
><TH
>Description</TH
></TR
></THEAD
><TBODY
><TR
><TD
><TT
CLASS="STRUCTFIELD"
>rolname</TT
></TD
><TD
><TT
CLASS="TYPE"
>name</TT
></TD
><TD
>Role name</TD
></TR
><TR
><TD
><TT
CLASS="STRUCTFIELD"
>rolsuper</TT
></TD
><TD
><TT
CLASS="TYPE"
>bool</TT
></TD
><TD
>Role has superuser privileges</TD
></TR
><TR
><TD
><TT
CLASS="STRUCTFIELD"
>rolinherit</TT
></TD
><TD
><TT
CLASS="TYPE"
>bool</TT
></TD
><TD
>Role automatically inherits privileges of roles it is a
       member of</TD
></TR
><TR
><TD
><TT
CLASS="STRUCTFIELD"
>rolcreaterole</TT
></TD
><TD
><TT
CLASS="TYPE"
>bool</TT
></TD
><TD
>Role can create more roles</TD
></TR
><TR
><TD
><TT
CLASS="STRUCTFIELD"
>rolcreatedb</TT
></TD
><TD
><TT
CLASS="TYPE"
>bool</TT
></TD
><TD
>Role can create databases</TD
></TR
><TR
><TD
><TT
CLASS="STRUCTFIELD"
>rolcatupdate</TT
></TD
><TD
><TT
CLASS="TYPE"
>bool</TT
></TD
><TD
>       Role can update system catalogs directly.  (Even a superuser cannot do
       this unless this column is true)
      </TD
></TR
><TR
><TD
><TT
CLASS="STRUCTFIELD"
>rolcanlogin</TT
></TD
><TD
><TT
CLASS="TYPE"
>bool</TT
></TD
><TD
>       Role can log in. That is, this role can be given as the initial
       session authorization identifier
      </TD
></TR
><TR
><TD
><TT
CLASS="STRUCTFIELD"
>rolreplication</TT
></TD
><TD
><TT
CLASS="TYPE"
>bool</TT
></TD
><TD
>       Role is a replication role. That is, this role can initiate streaming
       replication (see <A
HREF="warm-standby.html#STREAMING-REPLICATION"
>Section 25.2.5</A
>) and set/unset
       the system backup mode using <CODE
CLASS="FUNCTION"
>pg_start_backup</CODE
> and
       <CODE
CLASS="FUNCTION"
>pg_stop_backup</CODE
>
      </TD
></TR
><TR
><TD
><TT
CLASS="STRUCTFIELD"
>rolconnlimit</TT
></TD
><TD
><TT
CLASS="TYPE"
>int4</TT
></TD
><TD
>       For roles that can log in, this sets maximum number of concurrent
       connections this role can make.  -1 means no limit.
      </TD
></TR
><TR
><TD
><TT
CLASS="STRUCTFIELD"
>rolpassword</TT
></TD
><TD
><TT
CLASS="TYPE"
>text</TT
></TD
><TD
>       Password (possibly encrypted); null if none.  If the password
       is encrypted, this column will begin with the string <TT
CLASS="LITERAL"
>md5</TT
>
       followed by a 32-character hexadecimal MD5 hash.  The MD5 hash
       will be of the user's password concatenated to their user name.
       For example, if user <TT
CLASS="LITERAL"
>joe</TT
> has password <TT
CLASS="LITERAL"
>xyzzy</TT
>,
       <SPAN
CLASS="PRODUCTNAME"
>PostgreSQL</SPAN
> will store the md5 hash of
       <TT
CLASS="LITERAL"
>xyzzyjoe</TT
>.  A password that does not follow that
       format is assumed to be unencrypted.
      </TD
></TR
><TR
><TD
><TT
CLASS="STRUCTFIELD"
>rolvaliduntil</TT
></TD
><TD
><TT
CLASS="TYPE"
>timestamptz</TT
></TD
><TD
>Password expiry time (only used for password authentication);
       null if no expiration</TD
></TR
></TBODY
></TABLE
></DIV
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="catalog-pg-attribute.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="index.html"
ACCESSKEY="H"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="catalog-pg-auth-members.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><TT
CLASS="STRUCTNAME"
>pg_attribute</TT
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="catalogs.html"
ACCESSKEY="U"
>Up</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><TT
CLASS="STRUCTNAME"
>pg_auth_members</TT
></TD
></TR
></TABLE
></DIV
></BODY
></HTML
>